- Fetch the API server's SPIFFE ID from the container's EDGE_SPIFFE_ID environment variable and use it as follows:
  - To configure an mTLS client that uses the X.509-SVID. For example, in Go:

        // RequireFromString panics if EDGE_SPIFFE_ID is not a valid SPIFFE ID.
        authorizer := tlsconfig.AuthorizeID(spiffeid.RequireFromString(os.Getenv("EDGE_SPIFFE_ID")))
        tlsConfig := tlsconfig.MTLSClientConfig(x509Source, x509Source, authorizer)

  - As the audience of the JWT-SVID. For example, in Go:

        audience := os.Getenv("EDGE_SPIFFE_ID")
        svid, err := jwtSource.FetchJWTSVID(ctx, jwtsvid.Params{Audience: audience})

    For more details on language-specific SPIFFE library usage, refer here.
- Include the retrieved JWT-SVID in the Authorization header of the REST API call of secure storage with the prefix "JWT ", e.g. JWT 551e145c-3a06-4d4b-99a3-3d0fd7185174
- The base API paths, depending on the configuration of the application container, are:
  - When the application connects to the proxy redirect API, the base path URL will be
    https://edge-iot-core.proxy-redirect:8443/b.service/api/v2/secure-storage
  - When the application is either connected to the host network or has its network mode set to host, the API base path URL will be
    https://127.0.0.1:9443/b.service/api/v2/secure-storage
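The steps above combined into one request builder, as an added example that is not code from this page or from the go-spiffe project; it uses only the Go standard library. `tokenFetcher`, the sample SPIFFE ID, the sample token and the `example-resource` suffix are assumptions made for illustration.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

const ( // base paths as given on this page
	proxyRedirectBase = "https://edge-iot-core.proxy-redirect:8443/b.service/api/v2/secure-storage"
	hostNetworkBase   = "https://127.0.0.1:9443/b.service/api/v2/secure-storage"
)

// tokenFetcher is a hypothetical seam; a real client wraps jwtSource.FetchJWTSVID and returns svid.Marshal().
type tokenFetcher func(ctx context.Context, audience string) (string, error)

// newSecureStorageRequest uses edgeID as the JWT-SVID audience and sets "Authorization: JWT <token>".
func newSecureStorageRequest(ctx context.Context, fetch tokenFetcher, edgeID string, hostNetwork bool, method, resource string) (*http.Request, error) {
	u, err := url.Parse(edgeID) // simplified sanity check, not full SPIFFE ID validation
	if err != nil || u.Scheme != "spiffe" || u.Host == "" {
		return nil, fmt.Errorf("EDGE_SPIFFE_ID %q is not a spiffe:// ID", edgeID)
	}
	token, err := fetch(ctx, edgeID)
	if err != nil {
		return nil, fmt.Errorf("fetch JWT-SVID: %w", err)
	}
	if token == "" || strings.ContainsAny(token, " \r\n") {
		return nil, fmt.Errorf("JWT-SVID is empty or contains whitespace")
	}
	base := proxyRedirectBase
	if hostNetwork {
		base = hostNetworkBase
	}
	req, err := http.NewRequestWithContext(ctx, method, base+"/"+strings.TrimPrefix(resource, "/"), nil)
	if err != nil {
		return nil, err
	}
	req.Header.Set("Authorization", "JWT "+token) // the prefix is "JWT ", not "Bearer "
	return req, nil
}

func main() { // constructed placeholder values so the example runs offline
	fetch := func(context.Context, string) (string, error) { return "constructed.jwt.svid", nil }
	if req, err := newSecureStorageRequest(context.Background(), fetch, "spiffe://example.org/edge-api", false, http.MethodGet, "example-resource"); err == nil {
		fmt.Println(req.Method, req.URL, req.Header.Get("Authorization"))
	}
}
```

In a real client the returned request is sent through an `http.Client` whose transport uses the mTLS `tlsConfig` built from the X.509-SVID.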
-